System and method to reduce inappropriate email and online behavior

ABSTRACT

A method is provided to reduce inappropriate online behavior. The method includes providing a network service, receiving a request from a user to use the network service, and requesting a usage report about an email account associated with the user. The usage report is based on analysis of usage data representative of usage of the email account, and the analysis is based on at least one of a date that the email account was established, tracked history of emails received by the email account, and a history of IP addresses used when accessing the email account for communicating with multiple other email accounts, and the usage data is unrelated to content included in email messages exchanged by the email account. Either a first level or a second level of the network service available to the user is selected, wherein selection of the first or second level is based on whether the usage report meets selectable criteria.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.15/207,059 filed Jul. 11, 2016 which claims priority to U.S. PatentApplication Ser. No. 62/276,068 filed Jan. 7, 2016, both of which areincorporated herein by reference in their entirety.

FIELD OF THE DISCLOSURE

The disclosed embodiments generally relate to online activitiesincluding email communication and network-based services, and moreparticularly, to a system and method using a history of email accountusage to reduce inappropriate email and online behavior, such as emailspam, online bullying and/or stalking, and online impersonation.

BACKGROUND OF THE DISCLOSURE

Email accounts are nearly universally used for communication. They arealso used as identifiers for business accounts such as provided byAMAZON® or APPLE®, and for social media accounts such as provided byFACEBOOK® and TRIPADVISOR®.

The ease with which email accounts can be opened can pose problems.There are numerous online entities which host accounts and issue emailaddresses. Other than corporate-type accounts in which email addressesare controlled by an administrator and assigned to specific individuals,most email hosts do not verify the identity of persons signing up onlinefor these accounts or limit the number of email accounts that a singleperson can obtain with the host. Additionally, email hosts do not limitusers from obtaining email accounts based on whether a user has alreadyestablished one or more accounts with other email hosts. Accordingly, anindividual person can obtain multiple email accounts from various emailhosts (such as GMAIL®, YAHOO®, etc.), and/or multiple accounts with thesame host. Each email account can be effectively anonymous. Often suchemail accounts are used for a variety of inappropriate, includingmalicious, usages, such as for illegal or unethical purposes. Examplesof inappropriate usages include “phishing”, cyber-bullying, stalking,indiscriminate spamming, online impersonation, and fraudulent consumerreviews.

For example, an individual person can open 100 different email accountsand 100 different TRIPADVISOR® accounts, and then post 100 spuriousreviews (either favorable or unfavorable) about a particular restaurant.Using inexpensive data entry labor from third world countries, firmsexist that market a service to submit spurious reviews in order todestroy a competitor's reputation or build a reputation with fakereviews.

In another example, a teenager can open an anonymous email account andthen send a nasty message to cyber-bully a classmate, which takesminimal time and effort without any financial cost.

In an example of fraudulent reviews, an unscrupulous vendor can arrangefor a confederate to open an account, buy one unit of a product, andthen post a rapturous review which is then published as a “verifiedpurchase,” after which the purchase price is returned by the vendor.Thus, for very little effort and cost, a vendor can (a) skirt governmentregulations associated with truth-in-advertising; and (b) tout its ownproduct. Similarly, such a technique can also be used to cause damage toa competitor. For an expenditure of merely a few dollars, a vendor cangenerate false accusations against a competitor using one or more ofemail or an online-retailer account set up in particular for the purposeof providing customer feedback. The victim may have limited or noavailable remedy. The prospect of large-scale misuse of customer reviewscan render online review systems unreliable and/or useless.

In another example of email abuse, a disgruntled employee can open anemail account to send abusive emails to an officer of the company. Evenif an offending email address was ordered blocked, the disgruntledemployee can open another email account, from any of hundreds orthousands of willing email hosts, and send additional emails.

In an example related to phishing, an imposter planning to phish forspecific information from a particular party can open an imposter emailaccount using an address similar to an email address trusted by thatparty and send a query from the imposter email address. For example, ifit is known that one of John Doe's friends uses an emailaccountbobjones@gmail.com, then an imposter can open imposteraccountsbobjones@yahoo.com or bobjones1975@gmail.com from which theimposters ends an email to John, asking “How did your productpresentation go?” John might thus be tricked into revealing confidentialinformation.

In an example related to spam, organized spammers of malware can usemultiple email accounts to bypass limits set by email hosts to control anumber of messages sent or received.

In a further example related to impersonation, an imposter can useidentification, such as by providing an email account, to accessnetwork-based services that the imposter is not authorized or entitledto use.

In a further example related to inappropriate consumer, seller, orposting behavior, such a user may make purchases or return purchases orpost items (e.g., for sale, display, or usage) in a manner that is notconsistent with a policy of the network-based service or norms ofappropriate online behavior. Such inappropriate behavior can include,for example, piracy, failure to make timely payment, failure to maketimely delivery of a product or service, etc.

SUMMARY OF THE DISCLOSURE

The purpose and advantages of the below described illustratedembodiments will be set forth in and apparent from the description thatfollows. Additional advantages of the illustrated embodiments will berealized and attained by the devices, systems and methods particularlypointed out in the written description and claims hereof, as well asfrom the appended drawings.

To achieve these and other advantages and in accordance with the purposeof the illustrated embodiments, in one aspect, a server is provided thatincludes at least one processing device configured to execute aplurality of programmable instructions to perform operations. Theoperation include hosting a first email account associated with anindividual configured to exchange email messages with at least one otheremail account and accessing usage data, wherein the usage data is basedon at least one of tracked usage of and statistics related to the firstemail account and being separate from content included in email messagesexchanged by the first email account. The operations further includeproviding a usage report, in association with a communication by theindividual, to a computing device that is aware of the communication,wherein the usage report includes at least one of at least a portion ofthe usage data accessed and an indication of a result of adeterminations to whether the usage data accessed is consistent with aprimary email account model.

In other aspects of the disclosure, a method and a non-transitorycomputer readable storage medium having one or more computer programsembedded therein are provided to perform the operations.

In other aspects of the disclosure, a server is provided that includesat least one processing device configured to execute a plurality ofprogrammable instructions to perform operations. The operations includehosting a first email account associated with an individual configuredto exchange email messages with at least one other email account,receiving a verification request to verify the identity of theindividual from a network-based server that is configured to provide anetwork-based service to the individual conditional upon the individualhaving a verified identity, and accessing usage data, wherein the usagedata is based on at least one of tracked usage of and statistics relatedto the first email account and being separate from content included inemail messages exchanged by the first email account. The operationsfurther include providing to the network-based server in response to theverification request, a usage report including at least one of at leasta portion of the usage data accessed and an indication of a result of adetermination as to whether the usage data accessed is consistent with aprimary email account model

In further aspects of the disclosure, a computing device is providedthat includes at least one processing device configured to execute aplurality of programmable instructions to perform operations. Theoperations include receiving an indication that an email message hasbeen sent from a first email account hosted by at least one email serverto a second email account hosted by the at least one email server andreceiving a usage report based on accessed usage data associated withusage of the first email account, wherein the usage data indicates atleast one of tracked usage of the first email account, statisticsrelated to usage of the first email account, and an indication ofresults of an evaluation of the usage data, the usage report and usagedata being separate from content included in email messages exchanged inthe first email account. The operations further include determiningwhether the usage report satisfies predetermined criteria, selecting afirst delivery treatment of the email message when it is determined thatthe predetermined criteria are satisfied, and selecting a seconddelivery treatment of the email message that is different than the firstdelivery treatment when it is determined that the predetermined criteriaare not satisfied.

In still further aspects of the disclosure, an email provider system isprovided that includes at least one processing device configured toexecute a plurality of programmable instructions to perform operations.The operations include hosting first and second email accountsconfigured to exchange email messages with one another and accessingusage data, wherein the usage data includes data about usage of thefirst email account that is unrelated to content included in emailmessages exchanged by the first email account. The operations furtherinclude providing a usage report, in association with a request totransmit an email from the first email account to the second emailaccount, to a computing device that is aware of the request to transmit,wherein the usage report includes at least one of at least a portion ofthe usage data and an indication of a result of a determination as towhether the usage data accessed is consistent with a primary emailaccount model.

Additionally, in aspects of the disclosure, an email provider system isprovided that includes at least one processing device configured toexecute a plurality of programmable instructions to perform operations.The operations include hosting a first email account configured toexchange email messages with a second email account hosted by a secondemail provider system and accessing usage data, wherein the usage dataincludes data about usage of the first email account that is unrelatedto content included in email messages exchanged by the first emailaccount. The operations further include providing a usage report, inassociation with a request to transmit an email from the first emailaccount to the second email account, to a computing device that is awareof the request to transmit, wherein the usage report includes at leastone of at least a portion of the usage data accessed and an indicationof a result of a determination as to whether the usage data isconsistent with a primary email account model.

Furthermore, in aspects of the disclosure, an email provider system isprovided that includes at least one processing device configured toexecute a plurality of programmable instructions to perform operations.The operations include hosting a second email account configured toexchange email messages with a first email account, receiving aselection of parameters of a model of a primary email account from auser of the second email account, and receiving a usage report inassociation with a request from the first email account to transmit anemail message to the second email account, wherein the usage reportincludes data about usage of the first email account that is unrelatedto content included in email messages exchanged by the first emailaccount. The operations further include selecting a first deliverytreatment for delivery of the email message to the second email accountif it is determined that the usage report is consistent with theselection of parameters of the primary email account model, andselecting at least one second delivery treatment that is different thanthe first delivery treatment for delivery of the email message to thesecond email account if it is determined that the usage report is notconsistent with the selection of parameters of the primary email accountmodel.

In accordance with further aspects of the disclosure, a method isprovided to reduce inappropriate online behavior. The method includesproviding a network service, receiving a request from a user to use thenetwork service, and requesting a usage report about an email accountassociated with the user. The usage report is based on analysis of usagedata representative of usage of the email account, and the analysis isbased on at least one of a date that the email account was established,tracked history of emails received by the email account, and a historyof IP addresses used when accessing the email account for communicatingwith multiple other email accounts, and the usage data is unrelated tocontent included in email messages exchanged by the email account.Either a first level or a second level of the network service availableto the user is selected, wherein selection of the first or second levelis based on whether the usage report meets selectable criteria.

In embodiments, the method can further include selecting the secondlevel when the usage report does not meet the selectable criteria,denying availability of the network service or providing a reducedavailability of the network service when the second level is selected,selecting the first level when the usage report does meet the selectablecriteria, and providing a non-reduced availability of the networkservice when the first level is selected.

In embodiments, the network service can be a social media service. Theusage report can include at least a portion of the usage data, the usagereport can include at least statistics calculated based on the usagedata, and the usage report can indicate whether the usage data isconsistent with a primary email account model.

In embodiments, the method can further include selecting the first orsecond level based on a determined level of consistency betweennetwork-based service data indicative of usage of the network service bythe user and the usage data.

In embodiments, the method can further include comparing thenetwork-based service data to the usage data and generating consistencydata based on the comparison. The consistency data can indicate a levelof consistency between the usage data and the network-based servicedata, the level of consistency being based on at least one of (a)consistency between a geographic location of an IP address associatedwith usage of the email account and the network based service and (b)consistency between an age or occupation of the user indicated by aprofile or usage associated with the email account and a profile orusage associated with the usage of the network-based service by theuser. The selection of the first or second level of service can be basedon a level of consistency indicated by the consistency data.

In embodiments, the method can further include determining the level ofconsistency based on temporal and location data associated with theusage data as compared with temporal and location data associated withusage of the network-based service data by the user.

In embodiments, the usage report can indicate at least one of:statistics associated with a number of email messages exchanged with theemail account, statistics associated with a size of messages exchangedwith the email account, statistics associated with a type of one or moreattachments exchanged with the email account, an indication whether theemail account has an associated profile picture, and an indicationwhether the email account has an associated verified telephone number.

In embodiments, the network-based service can include at least one ofposting data to a website, responding to a social-network prompt,entering data in a query box in a website, participating in an onlinechat or forum, submitting a consumer review of a product or service,exchanging private or public messages, voting in a poll, and transactinga financial transaction.

In embodiments, the request can be to establish a new account for theuser to have access to the network service, and providing the networkservice can include establishing the new account when the first level isselected, and denying establishment of the new account when the secondlevel is selected.

In accordance with additional aspects of the disclosure, a server isprovided to perform the aforementioned method of the disclosure. Instill further aspects of the disclosure, provided are a non-transitorycomputer readable storage medium and one or more computer programsembedded therein. The computer programs include instructions, which whenexecuted by a computer system, cause the computer system to perform themessage of the disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying appendices and/or drawings illustrate variousnon-limiting, example, inventive aspects in accordance with the presentdisclosure:

FIG. 1 illustrates an example communication network;

FIG. 2 illustrates an example network device/node;

FIG. 3 is a block diagram of an example usage data verification systemin accordance with the present disclosure;

FIG. 4 is a flowchart illustrating an example method performed by aserver of the usage data verification system shown in FIG. 3 inaccordance with embodiments of the disclosure;

FIG. 5 is a flowchart illustrating an example method performed by anemail server of the usage data verification system shown in FIG. 3 inaccordance with embodiments of the disclosure;

FIG. 6 is a flowchart illustrating another example method performed byan email server of the usage data verification system shown in FIG. 3 inaccordance with embodiments of the disclosure;

FIG. 7 is a flowchart illustrating an example method performed by anetwork-service provider of the usage data verification system shown inFIG. 3 in accordance with embodiments of the disclosure;

FIG. 8 is a flowchart illustrating another example method performed by aserver of the usage data verification system shown in FIG. 3 inaccordance with embodiments of the disclosure;

FIG. 9 is a flowchart illustrating another example method performed by aserver of the usage data verification system shown in FIG. 3 inaccordance with embodiments of the disclosure; and

FIG. 10 is a flowchart illustrating another example method performed bya computing device of the usage data verification system shown in FIG. 3in accordance with embodiments of the disclosure.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

The illustrated embodiments are now described more fully with referenceto the accompanying drawings wherein like reference numerals identifysimilar structural/functional features. The illustrated embodiments arenot limited in any way to what is illustrated as the illustratedembodiments described below are merely exemplary, which can be embodiedin various forms, as appreciated by one skilled in the art. Therefore,it is to be understood that any structural and functional detailsdisclosed herein are not to be interpreted as limiting, but merely as abasis for the claims and as a representation for teaching one skilled inthe art to variously employ the discussed embodiments. Furthermore, theterms and phrases used herein are not intended to be limiting but ratherto provide an understandable description of the illustrated embodiments.

Unless defined otherwise, all technical and scientific terms used hereinhave the same meaning as commonly understood by one of ordinary skill inthe art to which this disclosure belongs. Although any methods andmaterials similar or equivalent to those described herein can also beused in the practice or testing of the illustrated embodiments,exemplary methods and materials are now described.

It must be noted that as used herein and in the appended claims, thesingular forms “a”, “an,” and “the” include plural referents unless thecontext clearly dictates otherwise. Thus, for example, reference to “astimulus” includes a plurality of such stimuli and reference to “thesignal” includes reference to one or more signals and equivalentsthereof known to those skilled in the art, and so forth.

It is to be appreciated the illustrated embodiments discussed below arepreferably a software algorithm, program or code residing on computeruseable medium having control logic for enabling execution on a machinehaving a computer processor. The machine typically includes memorystorage configured to provide output from execution of the computeralgorithm or program.

As used herein, the term “software” is meant to be synonymous with anycode or program that can be in a processor of a host computer,regardless of whether the implementation is in hardware, firmware or asa software computer product available on a disc, a memory storagedevice, or for download from a remote machine. The embodiments describedherein include such software to implement the equations, relationshipsand algorithms described above. One skilled in the art will appreciatefurther features and advantages of the illustrated embodiments based onthe above-described embodiments. Accordingly, the illustratedembodiments are not to be limited by what has been particularly shownand described, except as indicated by the appended claims.

Turning now descriptively to the drawings, in which similar referencecharacters denote similar elements throughout the several views, FIG. 1depicts an exemplary communications network 100 in which belowillustrated embodiments may be implemented.

It is to be understood a communication network 100 is a geographicallydistributed collection of nodes interconnected by communication linksand segments for transporting data between end nodes, such as personalcomputers, work stations, smart phone devices, tablets, televisions,sensors and or other devices such as automobiles, etc. Many types ofnetworks are available, with the types ranging from local area networks(LANs) to wide area networks (WANs). LANs typically connect the nodesover dedicated private communications links located in the same generalphysical location, such as a building or campus. WANs, on the otherhand, typically connect geographically dispersed nodes overlong-distancecommunications links, such as common carrier telephone lines, opticallight paths, synchronous optical networks (SONET), synchronous digitalhierarchy (SDH) links, or Power line Communications (PLC), and others.

FIG. 1 is a schematic block diagram of an example communication network100 illustratively comprising nodes/devices 101-108 (e.g., sensors 102,client computing devices 103, smart phone devices 105, webservers 106,routers 107, switches 108, and the like) interconnected via links 109 byvarious methods of communication. For instance, the links 109 may bewired links or may comprise a wireless communication medium, wherecertain nodes are in communication with other nodes, e.g., based ondistance, signal strength, current operational status, location, etc.Moreover, each of the devices can communicate data packets (or frames)142 with other devices using predefined network communication protocolsas will be appreciated by those skilled in the art, such as variouswired protocols and wireless protocols etc., where appropriate. In thiscontext, a protocol consists of a set of rules defining how the nodesinteract with each other. Those skilled in the art will understand thatany number of nodes, devices, links, etc. may be used in the computernetwork, and that the view shown herein is for simplicity. Also, whilethe embodiments are shown herein with reference to a general networkcloud, the description herein is not so limited, and may be applied tonetworks that are hardwired.

As will be appreciated by one skilled in the art, aspects of the presentdisclosure may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flow chart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

FIG. 2 is a schematic block diagram of an example network computingdevice 200 (e.g., client computing device 103, server 106, etc.) thatmaybe used (or components thereof) with one or more embodimentsdescribed herein, e.g., as one of the nodes shown in the network 100. Asexplained above, in different embodiments these various devices areconfigured to communicate with each other in any suitable way, such as,for example, via communication network 100. Device 200 is intended torepresent any type of computer system capable of carrying out theteachings of various embodiments of the present invention. Device 200 isonly one example of a suitable system and is not intended to suggest anylimitation as to the scope of use or functionality of embodiments of theinvention described herein. Regardless, computing device 200 is capableof being implemented and/or performing any of the functionality setforth herein.

Computing device 200 is operational with numerous other general purposeor special purpose computing system environments or configurations.Examples of well-known computing systems, environments, and/orconfigurations that may be suitable for use with computing device 200include, but are not limited to, personal computer systems, servercomputer systems, thin clients, thick clients, hand-held or laptopdevices, multiprocessor systems, microprocessor-based systems, set topboxes, programmable consumer electronics, network PCs, minicomputersystems, and distributed data processing environments that include anyof the above systems or devices, and the like.

Computing device 200 may be described in the general context of computersystem-executable instructions, such as program modules, being executedby a computer system. Generally, program modules may include routines,programs, objects, components, logic, data structures, and soon thatperform particular tasks or implement particular abstract datatypes.Computing device 200 may be practiced in distributed data processingenvironments where tasks are performed by remote processing devices thatare linked through a communications network. In a distributed dataprocessing environment, program modules may be located in both local andremote computer system storage media including memory storage devices.

Device 200 is shown in FIG. 2 in the form of a general-purpose computingdevice. The components of device 200 may include, but are not limitedto, one or more processors or processing units 216, a system memory 228,and a bus 218 that couples various system components including systemmemory 228 to processor 216.

Bus 218 represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingany of a variety of bus architectures. By way of example, and notlimitation, such architectures include Industry Standard Architecture(ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA)bus, Video Electronics Standards Association (VESA) local bus, andPeripheral Component Interconnect (PCI) bus.

Computing device 200 typically includes a variety of computer systemreadable media. Such media may be any available media that is accessibleby device 200, and it includes both volatile and non-volatile media,removable and non-removable media.

System memory 228 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 230 and/or cachememory 232. Computing device 200 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 234 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 218 by one or more datamedia interfaces. As will be further depicted and described below,memory 228 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 240, having a set (at least one) of program modules 215,such as underwriting module, may be stored in memory 228 by way ofexample, and not limitation, as well as an operating system, one or moreapplication programs, other program modules, and program data. Each ofthe operating system, one or more application programs, other programmodules, and program data or some combination thereof, may include animplementation of a networking environment. Program modules 215generally carry out the functions and/or methodologies of embodiments ofthe invention as described herein.

Device 200 may also communicate with one or more external devices 214such as a keyboard, a pointing device, a display 224, etc.; one or moredevices that enable a user to interact with computing device 200; and/orany devices (e.g., network card, modem, etc.) that enable computingdevice 200 to communicate with one or more other computing devices. Suchcommunication can occur via Input/Output (I/O) interfaces 222. Stillyet, device 200 can communicate with one or more networks such as alocal area network (LAN), a general wide area network (WAN), and/or apublic network (e.g., the Internet) via network adapter 220. Asdepicted, network adapter 220 communicates with the other components ofcomputing device 200 via bus 218. It should be understood that althoughnot shown, other hardware and/or software components could be used inconjunction with device 200. Examples, include, but are not limited to:microcode, device drivers, redundant processing units, external diskdrive arrays, RAID systems, tape drives, and data archival storagesystems, etc.

In the description that follows, certain embodiments may be describedwith reference to acts and symbolic representations of operations thatare performed by one or more computing devices, such as the computingsystem environment 200 of FIG. 2. As such, it will be understood thatsuch acts and operations, which are at times referred to as beingcomputer-executed, include the manipulation by the processor of thecomputer of electrical signals representing data in a structured form.This manipulation transforms the data or maintains them at locations inthe memory system of the computer, which reconfigures or otherwisealters the operation of the computer in a manner understood by thoseskilled in the art. The data structures in which data is maintained arephysical locations of the memory that have particular properties definedby the format of the data. However, while an embodiment is beingdescribed in the foregoing context, it is not meant to be limiting asthose of skill in the art will appreciate that the acts and operationsdescribed hereinafter may also be implemented in hardware.

FIGS. 1 and 2 are intended to provide a brief, general description of anillustrative and/or suitable exemplary environment in which embodimentsof the below described present invention may be implemented. FIGS. 1 and2 are exemplary of a suitable environment and are not intended tosuggest any limitation as to the structure, scope of use, orfunctionality of an embodiment of the present invention. A particularenvironment should not be interpreted as having any dependency orrequirement relating to any one or combination of components illustratedin an exemplary operating environment. For example, in certaininstances, one or more elements of an environment may be deemed notnecessary and omitted. In other instances, one or more other elementsmay be deemed necessary and added.

With the exemplary communication network 100 (FIG. 1) and computingdevice 200 (FIG. 2) being generally shown and discussed above,description of certain illustrated embodiments of the present inventionwill now be provided. With reference now to FIGS. 3-10, a usage dataverification system 300 is generally shown in which a first email server302 communicates with one or more second-party servers 304 via a network306 (e.g., the Internet) to verify a user based on usage data associatedwith an email account. In the example embodiment shown, the second-partyservers 304 include a second email server 308 and a network-based server310.

The usage data verification system 300 can include one or more computingdevices 311 which can communicate with the first email server 302 or thevarious second party servers 304. The computing devices 311 can accessthe second email server 308, such as to access an email account thatexchanges emails with an email account hosted by the first email server302. Computing devices 311 can also access the network-based server toaccess a service provided by the network-based server. The usage dataverification system 300 can include one or more cloud-based computingdevices 313 that communicate with the first email server 302 or one ormore of the second-party servers 304, such as to provide processing orstorage support for the corresponding second-party server(s) 304. Thecomputing device 311 can be, for example, an email delivery mechanism(e.g., an interim server, agent, etc.), a device operated by a secondindividual using the second email account, such as a mobile orstationary device, e.g., a cellular phone, smart phone, desktopcomputer, tablet, laptop computer, etc. The cloud-based computing device313 can be, for example, an interim server or a storage system.

The first email server 302 further communicates with at least onestorage system 312 that includes an accounts database 314, a contentdatabase 316, and a usage database 318. In addition, third-party servers320 can communicate with the first email server 302 and/or thesecond-party servers 304 as participants in the email verificationprocess. In the example shown, the third-party servers 320 includethird-party server A 322, third-party server B 324, and third-partyserver C 326. Third-party server A 322 is dedicated to serving thenetwork-based server 310, whereas third-party server B 324 services thenetwork-based server 310 and the second email server 308. Third-partyserver C 326 collects data from and shares data with multiple email andnetwork-based servers, such as on a contractual basis.

In the example shown, the network-based server 310 communicates with athird storage system 330 that includes a network-based service database332 and a consistency database 334. The third-party server C 326communicates with a second storage system 340 that includes athird-party usage datable 342, a third-party network-based servicedatabase 344, and a third-party consistency database 346.

Each of the servers 302, 304, 320 are configured similarly to networkcomputing device 200 depicted in FIG. 2, the network 306 can beconfigured similarly to the communication network 100 depicted in FIG.1, and the storage systems 312, 330, and 340 can be configured similarlyto the storage system 234 shown and described with respect to FIGS. 1and 2. The communication links between any of the servers 302, 304, 320and between the first email server 302 and the storage system 312 can bewired or wireless, and can include communication links of the network306.

First email server 302 hosts email accounts. Hosting email accountsincludes facilitating transmission and receipt of emails to and from anemail account, which is referred to as exchanging emails. First emailserver 302 communicates with at least one user to register the user andestablish an email account for the user. The terms “user” and“individual” are used interchangeably in this disclosure, and can referto a single person, a group of people, a titled position (e.g.,administrator or assistant to a particular person or officer) that caninclude different individuals at different times. A user of individualrefers to a person who uses an email account or network-based service.The user or individual using the email account or network-based servicecan be different from the person that performed the registration, suchas in the case of registration tasks performed legitimately on behalf ofanother person, or in the case of impersonation. The first email server302 stores account information about the user and the user's emailaccount in account database 314. Once the account is established, thefirst email server 302 facilitates sending and receiving emails via theemail account. The actual emails, including their content, are stored asemail data in email content database 316.

In embodiments, the first email server 302 can track usage of the firstemail account and generate associated tracking data. In embodiments, thefirst email server 302 can determine statistics associated with usageand emails associated with the first email account and generatestatistical data. The first email server 302 can store the tracking dataand/or the statistical data as usage data in usage database 318.

The usage data can provide a profile of the first email account that canbe compared to a model profile of a primary email account (describedfurther below). For example, the usage data can include statisticsand/or information about usage associated with the first email account.

The usage data is unrelated to the actual message content, meaning theusage data does not include and is not determined by actual messagecontent included in the email messages associated with the first emailaccount that is exchanged (e.g., sent and/or received) with anotheremail account. In other words, the usage data is separate from theactual content in the exchanged email messages, meaning the usage datadoes not include and is not determined by the actual content of emailmessages or copies thereof, but rather includes data about the emailaccount or data about the exchange of email messages using the account.

The usage data can be included in a usage report from a network-basedserver 310 to the first email server 302 that reports an instance ofinappropriate online behavior by a user who used the first email accountto register to use the network service. Determinations about the usagedata can also be included in the usage report. References to usage datacan include usage data that is included in a usage report. Likewise,references to a usage report can include usage data that is included inthe usage report.

Inappropriate online behaviour can include behaviour that suggests thatthe user used the network services negligently or for malicious purposesthat are inconsistent with a policy of the network-based service and/ornorms of appropriate online behaviour. Examples of inappropriate onlinebehaviour include impersonating another person or engaging ininappropriate consumer, seller, or posting behavior (e.g., piracy,trademark or patent infringement), failure to make timely payment,failure to make timely delivery of a product or service, etc.

The usage data or usage report can include, for example, the date thefirst email account was created; geographic location of an IP addressused to open the first email account; IP address the email is being sentfrom; a measure of repeatedly performing a task, such as a number oftimes a same email was sent; a number of different email addresses thatemails were received from or sent to; IP location of each access to thefirst email account; statistics associated with a number of emailmessages sent and/or received by the first email account (e.g., averagenumber of daily outgoing emails from the first email account in a timeinterval; average number of daily incoming emails for the first emailaccount in a time interval; a number of days with no account activitywithin a time interval; statistics associated with a size of messagessent and/or received by the first email account; statistics associatedwith a type of one or more attachments sent and/or received by the firstemail account; an indication whether the first email account has anassociated profile picture; an indication whether the first emailaccount has an associated verified telephone number; statisticsregarding a number of words included in email messages, statisticsregarding a number of number of recipients designated in email messages,statistics regarding frequency of usage of particular words in emailmessages, statistics regarding a number or frequency of occurrences ofunidentifiable character-strings, and/or one or more reports ofinappropriate online behavior associated with the first email accountthat were provided by a network-based service for behaviors such asimpersonation or inappropriate consumer, seller, or posting behavior.

In a further example, the usage data or usage report can include theresults of a determination whether usage of the first email account isconsistent with a primary email account model, e.g., a score thatrepresents the results of a comparison between the usage data that wasanalysed and predetermined criteria, based on the expected statisticsfor a primary email account (described in greater detail below). Thescore can include a Pass/Fail determination, where Pass suggests a highlikelihood that the email account in question is the primary emailaccount of an actual individual person. In another example, the usagedata can include a certificate that indicates whether or not usage datathat was analysed satisfies predetermined criteria.

In embodiments, the usage report can be represented as metadata that canbe associated with, for example, an email sent from the first emailaccount. The first email server 302 can embed or append metadata to theemail being sent by the first email server 302 or send the metadata in aseparate message.

On the other hand, the email content, which is not accessed forgenerating or determining user data, includes the data that is sent inthe body of the email or attached to the email as an attachment. Thecontent can include, for example, alphanumeric data, graphic data,and/or media or multi-media files (including any combination of imagesvideo, and audio data). This data can be user-generated data that isselected or generated by the user associated with the account from whichthe email was sent. Such user-generated data can include, for example,text generated by the user; attachments selected and attached to theemail by the user that sent the email; or automatically generatedmessages; such as do-not-reply or out-of-office message.

In embodiments, the usage data is evaluated and the usage data and/orresults are reported by the first email server 302 as a usage report toa third-party server 320, the second-party server 304, a computingdevice 311, or a cloud-based computing device 313. The usage report caninclude data that was evaluated and/or results of the evaluation. Inembodiments, the recipient of the usage report evaluates the usagereport and makes its own determination of whether the first emailaccount is consistent with a primary email account.

The results of the evaluation can be interpreted by the recipient as aprobability of whether the email was sent from a primary email accountthat is used for constructive, non-malicious purposes, or a secondaryemail account, which might therefore be suspected to have been createdfor malicious purposes. In other words, the usage report can be used bythe recipient to profile the first email account and make adetermination whether usage of the first email account is consistentwith a primary email account model, The results of the evaluation can beused by the recipient as a determination that influences its actions(e.g., to block an email, decline access to network services, etc.)and/or as a recommendation that it uses to generate warnings or performfurther investigation.

In embodiments, evaluation of the usage report can include comparing theusage data included in the usage report to predetermined criteria forexpected usage. The predetermined criteria can be, for example,parameters of a model primary email account. The results of thecomparison can be used to determine whether a profile of the first emailaccount, which is used by a particular individual, is consistent withthe primary email account model. The primary email account model canmodel an email account that is intended for appropriate email use andindicates established appropriate email usage. When a profile of anemail account is consistent with the primary email account model, thisis an indication that the email account is being used for appropriatepurposes. When a profile of an email account is inconsistent with theprimary email account model, this is an indication that the emailaccount is being used for inappropriate and potentially maliciouspurposes.

In embodiments, a user may have more than one primary email account,e.g., an email account having a profile that is deemed to be consistentwith the primary email account model. In embodiments, a user may belimited to a particular quantity of primary email accounts. Inembodiments, the user may be limited to only a single primary emailaccount.

A primary email account may be characterized, for example, by parameterssuch as: a predetermined duration of time since the email account wascreated; logical usage of geographic location of IP addresses used toopen or use the first email account, such as the locations from whichemails were transmitted within a predetermined time interval beingwithin a predetermined radius; usage of a verified IP address to sendemails; not exceeding a predetermined threshold of repeatedly performinga task, such as a number of times a same email was sent; a number ofdifferent email addresses that emails were received from or sent tobeing within a predetermined range; predetermined thresholds forstatistical characteristic; existence of an associated profile picture,an associated verified telephone number, lack of reports ofinappropriate online activity associated with the first email addressreported by a network-based server 310, etc.

In embodiments, the first email server 302 can provide, in associationwith a communication that involves one of the second-party servers 304,at least a portion of the usage data accessed to a computing device thatis aware of the communication involving the second-party server 304. Thecommunication can be, for example, one of the second email servers 308hosting an email account that is receiving an email from the first emailaccount. In another scenario, the communication can be a user using orattempting to a use a network-based service provided by one of thenetwork-based servers 310. The computing device can be, for example, thesecond-party server 304 itself; a cloud-based computing device 313 thatcommunicates with the second-party server 304, such as to providestorage or processing support to the second-party server 304; or adevice operated by the user that is receiving the email from the firstaccount or is attempting to or is using the network-based service.

In embodiments, the first email server 302 can provide, in associationwith a communication that involves the second-party server 304, anindication of a result of a determination as to whether the profile ofthe first email account is consistent with a primary email account modelused by the individual. The determination can be performed by the firstemail server 302 or a third-party 320. The indication can be, forexample, a score or a certificate that indicates similarity between theemail account and a model account that characterizes a primary emailaccount. The second-party server 304 that receives the usage report canbe a second email server 308 or a network-based server 310.Additionally, the usage data and/or usage report can be accessed by athird-party server 320. Accessing data herein refers to retrieving data,intercepting data, receiving transmitted data, and reading data. In theexample shown, usage data and/or usage report stored in usage database318 can be accessed by the third-party server C 326, and/or the usagereport and/or usage data can be transmitted to the third-party server C326 via network 306, after which third-party server C 326 stores theusage data and/or usage report in the third-party usage database 342.

The second email server 308 that receives the email message can read,interpret, and react to the usage report, such as by determiningdelivery treatment of the email once it has arrived at the second emailserver 308. Additionally, email delivery mechanisms (e.g., interimservers, agents, etc.) involved in transmitting the email from the firstemail server 302 to the second email server 308 can read, interpret, andreact to the usage report, such as by determining delivery treatment ofthe email while the email is in transit to the second email server 308.For example, when a mechanism that receives or sends the email as it isin transit from the first email server 302 to the second email server308 recognizes that the usage report does not meet the predeterminedcriteria, the mechanism can flag, block, auto-reply, or otherwise treatthe email while it is in transit.

With reference now to FIGS. 4-10, shown are flowcharts demonstratingimplementation of the various exemplary embodiments. It is noted thatthe order of operations shown in FIGS. 4-5 is not required, so inprinciple, the various operations may be performed out of theillustrated order. Also certain operations may be skipped, differentoperations may be added or substituted, or selected operations or groupsof operations may be performed in a separate application following theembodiments described herein.

FIG. 4 shows a flowchart 400 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 400 can be performed by an email server,such as the first email server 302, or one of the third parties 320. Thethird-party can be provided with access to the tracked data, which caninclude performing the tracking or obtaining the tracked data from adifferent processing device that performed the tracking. In variousembodiments, the second-party server can be the second email server 308,the network-based server 310, or a third-party 320. The third-party 320can be a server that collects the tracked data from a single emailserver or a plurality of email servers.

At operation 402, tracked data and/or statistical data is accessed,wherein the tracked data tracks usage of the first email account and thestatistical data indicates statistical relationships of aspects of thefirst email account. At operation 404, usage data based on the trackedand/or statistical data is generated. The usage data characterizes usagehistory associated with the first email account, and is separate fromuser-generated content included in email messages associated with thefirst email account. At operation 406, the usage data is accessed by(e.g., transmitted to) a second-party server as an indicator of theusage.

In embodiments, the second-party server 304 is the network-based server310 which is configured to use an email address associated with an emailaccount as identification for a user to use a service provided by thenetwork-based server 310. For example, network-based server 310 mayprovide a network-based service, such as a social network service. Anexample of a social network service is TRIPADVISOR® in which users sharetravel advice and can post reviews of travel related products andservices, such as hotel reviews.

The users may be required by the network-based server 310 to provide anemail address as identification. In accordance with an example, theemail address is associated with an email account hosted by the firstemail server 302. The network-based server 310 can automatically send aquery to the first email server 302 to obtain usage data about the emailaccount. The first email server 302 can automatically respond to thequery by providing a usage report to the requesting network-based server310.

Providing the usage report can include providing all of the usage data(or access thereto) or a selected portion of the usage data (or accessthereto). The network-based server 310 can automatically compare theusage report to predetermined criteria. For example, the predeterminedcriteria can indicate whether the user is a genuine person, or amarketing company that provides a service of posting spurious reviews.The outcome of the comparison can be used by the network-based server310 to allow or deny the user from using services provided by thenetwork-based server 310. This process can be performed withoutexchanging any emails between the network-based server 310 and the user.

The network-based server 310 can store network-based service data in thenetwork-based service database 332. The network-based service dataincludes data about usage of a service provided by the network-basedserver 310 by respective users. The network-based service data caninclude, for example, a location of an IP address used by a user whenusing the service, a time (e.g., date and/or/time of day) at which theservices where used by the user, and/or an alleged location of the userat a particular time (such as indicated by content in a review of aparticular venue).

The network-based service data can be accessed by a third-party server320. In the example shown, network-based service data stored innetwork-based service database 318 can be accessed by the third-partyserver C 326, and/or the network-based service data can be transmittedto the third-party server C 326 via network 306, after which third-partyserver C 326 stores the network-based service data in the third-partyusage database 342.

A consistency analysis can be performed by the network-based server 310or a third-party server 320. The consistency analysis can include acomparison of the usage data or usage report to the network-basedservice data, to determine if they are consistent and corroborate oneanother, are contradictory, or are neutral. The consistency analysis caninclude determining a location of usage, such as by identifying ageographic allocation associated with an IP address or a geolocation ofa device used when using the first email account and the network-basedservices. Timestamps (e.g., date and/or time of day) can be associatedwith usages and locations of usages.

The consistency analysis can further include identifying content oflocation data entered by a user using the network-based services,wherein the location data indicates that a user was at a particularlocation at a particular time. The particular location and time caninclude a general designation (e.g., a continent, a country, a city, aseason, a month, a year) or a specific designation (e.g., an address, alatitude/longitude, a place of business (e.g., a store or restaurant), adate, a time of day). The consistency analysis can include comparinglocation and time information identified in the usage data and thenetwork-based service data to determine if they conflict, corroborate,or are neutral with respect to one another.

Additionally, the consistency analysis can determine if thenetwork-based service data indicates information about the user that isverifiable based on information available about the user through aprofile of the user obtained in association with the first emailaccount. Examples of verifiable information include occupation, gender,and age.

For example, when the user posts a review, content of the reviewincluded in the network-based service data can be compared to the usagereport or usage data to determine if there are any indications that theusage report or usage data conflict with the network-based service data.Consistency data can be generated based on results of the comparison.The consistency data indicates a degree of consistency between the usagereport or usage data and the network-based service data, which can beused to verify the user, e.g., to verify authenticity or acceptablenetwork-based behaviour using services or email. For example, theconsistency data can include an authenticity score that indicatesstrength of determination of user authenticity. The authenticity scorecan be adjusted based on an on-going consistency analysis of the usagereport/usage data and the network-based service data as new usage dataand network-based service data are generated as the user continues touse the network-based service and the email account used to verify theuser for use of the network-based service.

In another example, when a user posts information on a dating site thatcontradicts the user's age or occupation indicated by the user's emailprofile, a conflict is determined and verification can fail and anauthenticity score can be decreased. On the other hand, when the user'sposts are consistent with the data in the user's email profile,corroboration is determined and the user's authenticity score can beincreased.

The network-based server 310 can perform the consistency analysis andstore the associated consistency data in the consistency database 334.The network-based server 310 can then use the consistency analysis toallow or deny access to its services or to share with other servers,such as the first email server 310 or a third-party 320. A plurality ofservers, e.g., first-party servers (such as first email servers 302),second-party servers 304 and third-party servers 320 can generate,share, and/or compare data, such as usage reports, usage data,network-based service data, and consistency data.

The network-based server 310 can transmit the consistency data, forexample, to the third-party server C 326, such as via network 306, afterwhich third-party server C 326 stores the consistency data in thethird-party consistency database 342. In embodiments, the third-partyserver C 326 can perform a consistency analysis using usage reports orusage data stored in the third-party usage database 342 andnetwork-based service data stored in the third-party network-servicedatabase 344, and store the results as consistency data in thethird-party consistency database 346.

FIG. 5 shows a flowchart 500 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 500 can be performed by an email server,such as the first email server 302. At operation 502, a first emailaccount is hosted that is configured to exchange email messages withanother email account, e.g., to facilitate sending and receiving emailmessages. At operation 504, usage of the first email account is trackedand/or statistics associated with the first email account are generated.At operation 506, usage data based on the tracked usage and/orstatistics is generated. The usage data can characterize usage historyassociated with the first email account, and is separate fromuser-generated content included in email messages associated with thefirst email account. At operation 508, an email message is transmittedto another email server that hosts a second email account, such as thesecond email server 308. At operation 510, selected usage data istransmitted as a usage report in association with the email message,such as by metadata sent with the email message, or in a separatemessage that identifies the email message.

FIG. 6 shows a flowchart 600 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 600 can be performed by a first emailserver system, such as the second email server 308. At operation 602, afirst email account is hosted by the first email server system, whereinthe first email account is configured to exchange email messages withanother email account, such as to facilitate sending and receiving emailmessages to and from the other email account, which can be hosted byanother server. At operation 604, an email message associated with asecond email account is received. The second email account is hosted bya second email server system, such as the first email server 302. Atoperation 606, usage reports, usage data, and/or consistency dataassociated with the second email account are accessed. The usagereports, usage data, and/or consistency data can be retrieved or can bereceived, for example, with transmission of the email message (e.g., asmetadata) or in response to a request. The usage reports, usage data,and/or consistency data can be provided by the second email serversystem or a third-party, such as one of third-parties 320.

At operation 608, the first email server system determines whether theusage reports, usage data, and/or consistency data satisfy predeterminedcriteria. Determining whether the predetermined criteria are satisfiedcan include determining whether the usage reports and/or usage data areconsistent with parameters of a primary email account model. Theparameters can be selectable, such as by a user or administrator of thefirst email account.

If the determination at operation 608 is YES, then at operation 610 theemail message is allowed to be delivered to the first email account. Ifthe determination at operation 608 is NO, then at operation 612, thefirst email server system selects an alternative delivery treatment fordelivery of the email, the alternative delivery system being differentthan allowing the email message to be delivered.

Examples of different delivery treatment that the first email serversystem may select include: deletion and non-delivery of the emailmessage with no notice to the first or second email accounts; deletionand non-delivery of the email message, but with notice to at least oneof the first and second email accounts that the predetermined criteriaassociated with the second email account were not met; delivery of theemail message to the first email account with notice that thepredetermined criteria associated with the second email were not met;non-delivery of the email pending a request from the first email accountwith notice that the predetermined criteria associated with the secondemail account were not met and that delivery of the email message isavailable for a limited time period pending a request from the firstemail account.

In embodiments, the first delivery treatment can be selected even if thethreshold criteria associated with the email message were not met whenan override condition is satisfied. The override condition can include,for example, and without limitation, inclusion of a predeterminedcharacter sequence in the content of the email message or adetermination that the second email account that sent the email messageis included in a whitelist of approved email accounts. Email messagessent form email accounts included in the whitelist can thus be deliveredregardless of whether the threshold criteria are met.

Although the example described uses the second email server 308 as thefirst email server system, one having skill in the art will understandthat in embodiments, the roles of the first and second email servers 302and 308 can be reversed, such that the first email server functions asthe first email server system and the second email server functions asthe second email server system.

In a scenario, a legitimate user may attempt to open a new emailaccount. Special procedures can be used to allow opening such a newemail account, such as providing a whitelist of users that haveundergone an alternative verification system which an email server canconsult. If the user is included on the whitelist, the email server canforego using usage data to determine the legitimacy of the user.

In a scenario, a user may object to tracking usage data. In embodiments,the first user of the first email account that sent the email messagecan select an option to restrict access to and/or transmission of theusage data. The first user, however, may be provided with limitedrights, such that email messages sent by the first user or access by thefirst-user to network-based services may be restricted unless the firstuser can provide alternative verification of his appropriate usage ofemail services or network-based services.

In embodiments of the method illustrated by flowchart 600, thealternative delivery treatment can be selectable. The same or differentrules can be applied to all email accounts hosted by the second emailserver 308 to determine the alternative delivery treatment, or the userof the first email account that receives the email message can selectthe alternative delivery treatment. Selection of the alternativedelivery treatment can be made before the email message is received orafter the email message is received.

The predetermined criteria can also be selectable. The same or differentpredetermined criteria can be applied to the email accounts hosted bythe first email server system. In embodiments, the user of the firstemail account can select the predetermined criteria. Selection of thepredetermined criteria can be made before the email message is received,or after the email message is received.

In embodiments, the third-party 320 can select the rules to apply fordetermining the delivery treatment, the delivery treatment, and/or thepredetermined criteria to be applied.

The first email server system can request that all users holding anaccount hosted by the first email server system specify standinginstructions on how to filter inbound emails based on the usage dataand/or consistency data. Incoming emails would be compared with thestanding instructions and disposed of accordingly. For example, the userassociated with the first email account may specify that if an emailcomes from an account that has more than N (e.g., 100) outbound emailson more than one day within the past month, or if the associated emailaccount has sent out M (e.g., 100) identical email messages, then thatemail would be immediately discarded into a junk folder. This candecrease the occurrence of unsolicited email, e.g., spam reachingtargeted recipients, and deter the future use of spam.

In another example, a user who is being cyber-bullied can configurehis/her email service-provided filter to block emails from accounts thatwere not established before at least a predetermined date (e.g., oneyear before the subject email), and/or have had at least N (e.g., 100)inbound or outbound emails in the year. Emails sent from email accountsthat do not meet the criteria selected by user can be prevented frombeing delivered without causing harm to the user or being noticed by theuser. Even if a party sending malicious or unsolicited emails suspectedthat some type of filtering was being used (e.g., due to a victim user'sfailure to react), the party may consider circumventing the filtering byregistering for a new account in an attempt to preserve anonymity (e.g.,using fake information) and using the email account sufficiently toappear as genuine, without knowledge of whether or when an unsolicitedmessage would be delivered. Since the circumvention is time consumingand requires effort, the usage data verification system 300 may tend todeter and discourage transmission of unsolicited messages, such assending spam or cyber-bullying emails. Although a few unsolicited emailsmay reach their destination, cyber-bullying from make-shift emailaddresses may be significantly decreased. A third-party server 320 canbe a central address for storing and combining usage data andconsistency data from other servers. For example, the network-basedserver 310 can provide to third-party server C326 network-based servicedata that includes reviews submitted by a user about travels in Munichin October 2015 (e.g., hotel and restaurant reviews). An email serversystem (e.g., first or second email servers 302 or 308) can provide tothe third-party server C 326 usage data associated with an email accountestablished by the same user. Different combinations of data fromdifferent sources can be compared, such as network-based service dataand/or usage data attributed to a particular user. Based on thecomparison, a determination can be made whether there is consistencybetween the data from different sources. Consistency data can begenerated based on the determination of consistency. The consistencydata can indicate whether the data from different sources corroborateone another and establish strong consistency, or contradict one anotherand establish weak consistency.

The comparison can be performed by the third-party server C 326 or aserver that accesses the network-based service data and usage data.Access to the network-based service data and usage data can be providedby the third-party server C 326 to subscribing users. Alternatively,email servers (e.g., first and/or second email servers 302, 308) and/ornetwork-based servers (e.g., network-based server 310) can exchangenetwork-based service data and usage data. Any of the first and secondemail servers 302 and/or 308, network-based server 310, and/orthird-party servers 320 can perform a comparison of data from differentsources, determine consistency of the compared data, and generatingconsistency data based on the determination of consistency.

For example, the network-based server 310 can determine if the usagedata associated with the user's email account uses an IP address locatedin Munich during the time period indicated by network-based service dataassociated that data in a review. Usage data that includes use of an IPaddress in Munich during that time period can provide corroboration toindicate strong consistency that can boost a consistency score. Usagedata that includes use of an IP address in Bombay during that timeperiod can provide a contradiction to indicate weak consistency thatwill lower the consistency score. Usage data that includes no usageduring that time period can be a fairly neutral indication ofauthenticity that may not change the consistency score.

In another example, when a network-based server 310 providing asocialnetwork site, such as FACEBOOK®., receives an application for anew useraccount, the network-based server 310 can automatically request andreceive usage data associated with an email address provided by the newuser. The usage data may be compared to predetermined criteria todetermine whether the email account is, for example, at least 90 daysold and has exchanged at least X emails during a certain time period,each email containing not less than fifty words.

In embodiments, user verification can be used to allow access tonetwork-based services based on a comparison of usage data topredetermined criteria. Such user verification can prevent unscrupulousindividuals from setting up false social network accounts withnewly-minted email addresses. Minimizing false social network accountscan prevent or mitigate social account usage for illegal or distastefulpurposes, such as soliciting child sex, or ranting against a classmate,company, or public figure with the cloak of anonymity. Additionally,verification of users based on usage data can prevent or mitigateestablishment of social network accounts meant to impersonate anotherperson without permission, such as for the purpose of causing otherusers to believe that the social network account is associated with theother person. The necessity to circumvent usage data verificationprocess can deter improper use of services provided by the network-basedserver 310, since establishing usage data that would meet thepredetermined criteria can be time consuming and tedious.

In an embodiment, conventions of types of usage data and/or consistencydata to use for verification and standardization of usage data formatscan be established to increase usage among different parties. Trends andstandardization can be established by email servers and/or network-basedservers requiring user verification using usage data and/or consistencydata. A service of user verification using usage data and/or consistencydata can be provided as a courtesy or for a fee.

User verification using usage data and/or consistency data bysecond-party servers 304 can boost user-confidence and increasepopularity. Email servers that perform user verification using usagedata and/or consistency data may refuse to exchange emails with emailservers that do not provide such user verification services. Users maychoose to only use services provided by network-based servers 310 thatboost security and user-confidence by performing user verification usingusage data and/or consistency data.

In embodiments a third-party server 320 can set user verificationstandards for a server it interacts with, wherein the server or thethird-party server 320 perform the user verification. Standards cangovern, for example, which types of usage data to use, which types ofpredetermined criteria to use as a threshold, and which actions to take(e.g., which delivery treatments to use or which level of services toallow) when the predetermined criteria are not met.

FIG. 7 shows a flowchart 700 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 700 can be performed by a network-basedserver that provides a service to users, such as the network-basedserver 310. At operation 702, a network-based service is hosted. Atoperation 704, a request to use the network-based service is receivedfrom a user. In embodiments, the network-based server 310 providesservices such as at least one of posting data to a website; respondingto a social-network prompt; entering data in a query box in a website;participating in an online chat or forum; submitting a consumer reviewof a product or service; submitting a private or public message via awebsite; voting in a poll; transacting a financial transaction.

At operation 706, an email address is received as verifiableidentification information to identify the user. At operation 708, ausage report, usage data and/or consistency data associated with anemail account that corresponds to the email address is accessed. Theusage data can be requested or retrieved from an email server that hoststhe email account or a third-party server. For example, thenetwork-based server 310 can submit an identity verification requestwith the received email address to the email server that hosts the emailaccount associated with the email address or to a third-party server320. A usage report, usage data, and/or consistency data associated withthe email account can be transmitted to the network-based server 310 inresponse to the identity verification request.

At operation 710, a determination is made whether the usage report,usage data, and/or consistency data satisfy a threshold requirement. Ifthe determination at operation 710 is YES, then the method continues atoperation 712. At operation 712, the user is allowed access to thenetwork-based service. The method continues at operation 716. If thedetermination at operation 710 is NO, then the method continues atoperation 714. At operation 714, a modification is made to accessallowed by the user to the network-based service. The modification caninclude, for example, disallowing the user from using the services;delaying allowing the user from using the services pending furtherinvestigation; disallowing the user from using the services and actingto cancel an account associated with the user for using the services. Atoperation 716, the user is provided with network-based service based onthe access allowed.

FIG. 8 shows a flowchart 800 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 800 can be performed by a network-basedserver that provides a service to users, such as the network-basedserver 310. At operation 802, a network-based reviewer service, such asTRIPADVISOR® is hosted. At operation 804, a request is received from auser to open a reviewer's account associated with the network-basedservice. At operation 806, an email address is received as verifiableidentification information to identify the user. At operation 808, aquery is transmitted to an email server that hosts an email accountassociated with the email address. The query requests a usage report,usage data, and/or consistency data associated with the email account.At operation 810, a determination is made whether the usage report,usage data, and/or consistency data satisfies a threshold requirement ofthe reviewer service. If the determination at operation 810 is YES, thenat operation 812, the user is allowed to open a reviewer account. If thedetermination at operation 810 is NO, then at operation 814, the user isdisallowed from opening a reviewer account.

FIG. 9 shows a flowchart 900 of operations performed in accordance withan embodiment of a method of the disclosure. In various embodiments, theoperations shown in flowchart 900 can be performed by a third-partyserver, such as third-party server C 326, an email server, such as firstor second email servers 302 or 308, or a network-based server, such asnetwork-based server 310. At operation 902, email usage data isaccessed. At operation 904, network-based service data is accessed. Atoperation 906, the email usage data and the network-based service dataare compared. At operation 908, a level of consistency between the emailusage data and the network-based service data is determined byperforming a consistency analysis. At operation 910, consistency data isgenerated that indicates the determined level of consistency between theemail usage data and the network-based service data. At operation 912,the consistency data is transmitted to another server. Operation 912 isdepicted using dotted lines, as operation 912 is an operation that wouldbe performed by third-party server, but may not be performed by certainservers that would use the consistency data to make a determination,such as an email server or network-based service server.

FIG. 10 shows a flowchart 1000 of operations performed in accordancewith an embodiment of a method of the disclosure. In variousembodiments, the operations shown in flowchart 1000 can be performed bya computing device that receives an email message sent from a firstemail account of a first email server. The first email account is usedby a first individual, wherein the individual is a user of the firstemail account. The computing device can be configured, for example,similar to computing device 311 or cloud-based computing device 313.

At operation 1002, an indication is received that the email message hasbeen sent from the first email account hosted by a first email server,similar to first email server 302, to a second email account hosted by asecond email server, similar to second email server 304. At operation,1004 the usage data associated with usage of the first email account isaccessed. The usage data can be accessed from the first email server ora third-party server, similar to third-party servers 320, that storesand/or evaluates the usage data. The usage data can include actual usagedata, and/or an indication (e.g., a score, a binary result, etc.) ofresults of an evaluation. The evaluation can compare the usage data topredetermined criteria, such as profiling criteria that indicate thefirst email account is consistent with a primary email account model ofthe first individual. Accessing the usage data can include requestingand receiving the usage data, retrieving the usage data from a storedlocation, and/or receiving the usage data, such as based on apredetermined protocol, etc.

At operation 1006, the usage data is evaluated, such as by comparing theusage data to predetermined criteria, e.g., a model primary emailaccount. Operation 1006 may be omitted, as indicated by the dottedlines, if evaluation results were received with the usage data that wasaccessed at operation 1004. The results of the evaluation can include,for example, a score or a binary result.

At operation 1008, a determination is made whether the results of theevaluation accessed at operation 1004 or performed at operation 1006satisfy second predetermined criteria. The second predetermined criteriacan be a threshold evaluation result. If the determination at operation1008 is YES, then at operation 1010 the email message is handled as anallowed email message. Treating the email message as an allowed emailmessage can include, for example and without limitation, allowing theemail message to be received in the inbox of the second email account,storing the email message with an indication of approval, and/or storingthe email message with permission for the email message to be opened bythe second individual without a warning that the email message is notfrom an approved sender.

If the determination at operation 1008 is NO, then at operation 1012 theemail message is handled as a suspicious email message that indicatesinappropriate, e.g., malicious email behavior. Treating the emailmessage as a suspicious email message can include, for example andwithout limitation, preventing the email message from being received inthe inbox of the second email account, storing the email message with anindication of being suspicious, deleting the email message so that it isnot stored in association with the second email account, storing theemail message without allowing the second individual to open the emailmessage; and/or storing the email message and allowing the secondindividual to open the email message in conjunction with a warning thatthe email message is not from an approved sender.

Advantages to using usage data verification for opening new emailaccounts and other network-based accounts include deterring usage ofinappropriate email accounts and receipt of unsolicited or maliciousemails associated with behaviour such as spam, cyber-stalking,cyber-bullying, transmission of malware, spurious reviewing of productsand services, and computer hi-jacking. Email servers and network-basedservers can reduce multiple dummy accounts and reduce potentialliability for malicious online behaviour. Additionally, email serversand network-based servers can use their own usage data or corroborateddata or usage and consistency data obtained from other servers toperiodically cull email accounts and eliminate abandoned or unused.Users of email and network-based servers will benefit by a reduction inunsolicited emails and malicious online behaviour.

With certain illustrated embodiments described above, it is to beappreciated that various non-limiting embodiments described herein maybe used separately, combined or selectively combined for specificapplications. Further, some of the various features of the abovenon-limiting embodiments may be used without the corresponding use ofother described features. The foregoing description should therefore beconsidered as merely illustrative of the principles, teachings andexemplary embodiments of this invention, and not in limitation thereof.

It is to be understood that the above-described arrangements are onlyillustrative of the application of the principles of the illustratedembodiments. Numerous modifications and alternative arrangements may bedevised by those skilled in the art without departing from the scope ofthe illustrated embodiments, and the appended claims are intended tocover such modifications and arrangements.

1. A method to reduce inappropriate online behavior, the methodcomprising; providing a network service; receiving a request from a userto use the network service; and requesting a usage report about an emailaccount associated with the user, wherein: the usage report is based onanalysis of usage data representative of usage of the email account, theanalysis is based on at least one of a date that the email account wasestablished, tracked history of emails received by the email account,and a history of IP addresses used when accessing the email account forcommunicating with multiple other email accounts, and the usage data isunrelated to content included in email messages exchanged by the emailaccount, and either a first level or a second level of the networkservice available to the user is selected, wherein selection of thefirst or second level is based on whether the usage report meetsselectable criteria.
 2. The method of claim 1, further comprising:selecting the first level or the second level of the network service;and providing availability of the network service based on which of thefirst and second levels is selected.
 3. The method of claim 2, furthercomprising: selecting the second level when the usage report does notmeet the selectable criteria; denying availability of the networkservice or providing a reduced availability of the network service whenthe second level is selected; selecting the first level when the usagereport does meet the selectable criteria; and providing a non-reducedavailability of the network service when the first level is selected. 4.The method of claim 1, wherein the network service is a social mediaservice.
 5. The method of claim 1, wherein the usage report includes atleast a portion of the usage data.
 6. The method of claim 1, wherein theusage report includes at least statistics calculated based on the usagedata.
 7. The method of claim 1, wherein the usage report indicateswhether the usage data is consistent with a primary email account model.8. The method of claim 1, further comprising selecting the first orsecond level based on a determined level of consistency betweennetwork-based service data indicative of usage of the network service bythe user and the usage data.
 9. The method of claim 8, furthercomprising: comparing the network-based service data to the usage data;and generating consistency data based on the comparison, wherein theconsistency data indicates a level of consistency between the usage dataand the network-based service data, the level of consistency being basedon at least one of (a) consistency between a geographic location of anIP address associated with usage of the email account and the networkbased service and (b) consistency between an age or occupation of theuser indicated by a profile or usage associated with the email accountand a profile or usage associated with the usage of the network-basedservice by the user, wherein the selection of the first or second levelof service is based on a level of consistency indicated by theconsistency data.
 10. The method of claim 9, further comprisingdetermining the level of consistency based on temporal and location dataassociated with the usage data as compared with temporal and locationdata associated with usage of the network-based service data by theuser.
 11. The method of claim 1, wherein the usage report indicates atleast one of: statistics associated with a number of email messagesexchanged with the email account; statistics associated with a size ofmessages exchanged with the email account; statistics associated with atype of one or more attachments exchanged with the email account; anindication whether the email account has an associated profile picture;and an indication whether the email account has an associated verifiedtelephone number.
 12. The method of claim 1, wherein the network-basedservice includes at least one of posting data to a website; respondingto a social-network prompt; entering data in a query box in a website;participating in an online chat or forum; submitting a consumer reviewof a product or service; exchanging private or public messages; votingin a poll; and transacting a financial transaction.
 13. The method ofclaim 2, wherein the request is to establish a new account for the userto have access to the network service, and providing the network serviceincludes establishing the new account when the first level is selected,and denying establishment of the new account when the second level isselected.
 14. The method of claim 2, wherein the request is to use thenetwork service using an account already established for the user, andproviding the network service includes allowing the user unreduced usageof the network service when the first level is selected, and prohibitingthe user usage of the network service requested or allowing reducedusage of the network service when the second level is selected.
 15. Aserver comprising: a memory configured to store a plurality ofprogrammable instructions; and at least one processing device incommunication with the memory, wherein the at least one processingdevice, upon execution of the plurality of programmable instructions isconfigures to: provide a network service; receive a request from a userto use the network service; and request a usage report about an emailaccount associated with the user, wherein: the usage report is based onanalysis of usage data representative of usage of the email account, theanalysis is based on at least one of a date that the email account wasestablished, tracked history of emails received by the email account,and a history of IP addresses used when accessing the email account forcommunicating with multiple other email accounts, and the usage data isunrelated to content included in email messages exchanged by the emailaccount, and either a first level or a second level of the networkservice available to the user is selected, wherein selection of thefirst or second level is based on whether the usage report meetsselectable criteria.
 16. The server of claim 15, wherein the processor,upon execution of the plurality of programmable instructions isconfigured to: select the first level or the second level of the networkservice; and provide availability of the network service based on whichof the first and second levels is selected.
 17. The server of claim 16,wherein the processor, upon execution of the plurality of programmableinstructions is configured to: select the second level when the usagereport does not meet the selectable criteria; deny availability of thenetwork service or providing reduced availability of the network servicewhen the second level is selected; select the first level when the usagereport does meet the selectable criteria; and provide non-reducedavailability of the network service when the first level is selected.18. The server of claim 15, wherein the network service provided is asocial media service.
 19. The server of claim 15, wherein the usagereport includes at least a portion of the usage data.
 20. The server ofclaim 15, wherein the usage report includes at least statisticscalculated based on the usage data.
 21. The server of claim 15, whereinthe usage report indicates whether the usage data is consistent with aprimary email account model.
 22. The server of claim 15, wherein theprocessor, upon execution of the plurality of programmable instructionsis further configured to select the first or second level of usage basedon a determination of consistency between network-based service dataindicative of usage of the network service by the user and the usagedata.
 23. The server of claim 22, wherein the processor, upon executionof the plurality of programmable instructions is further configured to:compare the network-based service data to the usage data; and generateconsistency data based on the comparison, wherein the consistency dataindicates a level of consistency between the usage data and thenetwork-based service data, the level of consistency being based on atleast one of (a) consistency between a geographic location of an IPaddress associated with usage of the email account and the network basedservice and (b) consistency between an age or occupation of the userindicated by a profile or usage associated with the email account and aprofile or usage associated with the usage of the network-based serviceby the user, wherein selection of the first or second level of serviceis based on a level of consistency indicated by the consistency data.24. The server of claim 23, wherein the processor, upon execution of theplurality of programmable instructions is configured to determine thelevel of consistency based on temporal and location data associated withthe usage data as compared with temporal and location data associatedwith usage of the network-based service data by the user.
 25. The serverof claim 15, wherein the usage report indicates at least one of:statistics associated with a number of email messages exchanged with theemail account; statistics associated with a size of messages exchangedwith the email account; statistics associated with a type of one or moreattachments exchanged with the email account; an indication whether theemail account has an associated profile picture; and an indicationwhether the email account has an associated verified telephone number.26. The server of claim 15, wherein the network-based service includesat least one of posting data to a website; responding to asocial-network prompt; entering data in a query box in a website;participating in an online chat or forum; submitting a consumer reviewof a product or service; exchanging a private or public message; votingin a poll; and transacting a financial transaction.
 27. The server ofclaim 16, wherein the request is to establish a new account for the userto have access to the network-based service, and providing the networkservice includes establishing the new account when the first level isselected, and denying establishment of the new account when the secondlevel is selected.
 28. The server of claim 15, wherein the request is touse the network service using an account already established for theuser, and providing the network service includes allowing the userunreduced usage of the network service when the first level of usage isselected, and prohibiting the user usage of the network service orallowing a reduced usage of the network service when the second level isselected.
 29. A non-transitory computer readable storage medium and oneor more computer programs embedded therein, the computer programscomprising instructions, which when executed by a computer system, causethe computer system to: provide a network service; receive a requestfrom a user to use the network service; and request a usage report aboutan email account associated with the user, wherein: the usage report isbased on analysis of usage data representative of usage of the emailaccount; the analysis is based on at least one of a date that the emailaccount was established, tracked history of emails received by the emailaccount, and a history of IP addresses used when accessing the emailaccount for communicating with multiple other email accounts, and theusage data is unrelated to content included in email messages exchangedby the email account, and either a first level or a second level of thenetwork service available to the user is selected, wherein selection ofthe first or second level is based on whether the usage report meetsselectable criteria.
 30. The computer readable storage medium of claim29, wherein the computer system, when executing the computer programs,is further caused to: select the first level or the second level of thenetwork service; and provide availability of the network service basedon which of the first and second levels is selected.